Add more security actions logs #1563
Changes from 14 commits
495bdbd
cdd4d10
b3addc6
18ab90e
1a5feb6
fed2dda
f61689c
6b1f6f2
7000649
641fe0a
233d571
d10905e
e2f9c14
f7fb67e
c6d932f
5d6f3d6
36a80cd
da1816f
04606d6
2d31d90
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -305,6 +305,7 @@ class SecurityController extends NativeController { | |
description, | ||
{ apiKeyId, creatorId, refresh }); | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${userId}."`); | ||
you should use the creatorId variable instead (which should use that new getUserId function to prevent an error if invoked by a plugin) |
||
return apiKey.serialize({ includeToken: true }); | ||
} | ||
|
||
|
@@ -536,7 +537,10 @@ class SecurityController extends NativeController { | |
refresh: getRefresh(request) | ||
} | ||
) | ||
.then(role => formatProcessing.serializeRole(role)); | ||
.then(role => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on role "${role._id}."`); | ||
return formatProcessing.serializeRole(role); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -559,7 +563,10 @@ class SecurityController extends NativeController { | |
refresh: getRefresh(request) | ||
} | ||
) | ||
.then(role => formatProcessing.serializeRole(role)); | ||
.then(role => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on role "${role._id}."`); | ||
return formatProcessing.serializeRole(role); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -574,7 +581,11 @@ class SecurityController extends NativeController { | |
const options = { refresh: getRefresh(request) }; | ||
|
||
return this.kuzzle.repositories.role.load(request.input.resource._id) | ||
.then(role => this.kuzzle.repositories.role.delete(role, options)); | ||
.then(role => | ||
{ | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action} on role "${role._id}."`); | ||
return this.kuzzle.repositories.role.delete(role, options); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -643,7 +654,9 @@ class SecurityController extends NativeController { | |
refresh: getRefresh(request) | ||
} | ||
) | ||
.then(profile => formatProcessing.serializeProfile(profile) | ||
.then(profile => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${profile._id}."`); | ||
return formatProcessing.serializeProfile(profile);} | ||
); | ||
} | ||
|
||
|
@@ -668,8 +681,10 @@ class SecurityController extends NativeController { | |
refresh: getRefresh(request) | ||
} | ||
) | ||
.then(profile => formatProcessing.serializeProfile(profile) | ||
); | ||
.then(profile => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${profile._id}."`); | ||
return formatProcessing.serializeProfile(profile); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -684,7 +699,10 @@ class SecurityController extends NativeController { | |
const options = { refresh: getRefresh(request) }; | ||
|
||
return this.kuzzle.repositories.profile.load(request.input.resource._id) | ||
.then(profile => this.kuzzle.repositories.profile.delete(profile, options)); | ||
.then(profile => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${profile._id}."`); | ||
return this.kuzzle.repositories.profile.delete(profile, options); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -854,6 +872,7 @@ class SecurityController extends NativeController { | |
|
||
await this.kuzzle.repositories.user.delete(user, options); | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${userId}."`); | ||
return { | ||
_id: userId | ||
}; | ||
|
@@ -880,6 +899,7 @@ class SecurityController extends NativeController { | |
const pojoUser = request.input.body.content; | ||
pojoUser._id = request.input.resource._id || uuid(); | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${pojoUser._id}."`); | ||
return persistUser(this.kuzzle, request, pojoUser); | ||
} | ||
|
||
|
@@ -905,6 +925,7 @@ class SecurityController extends NativeController { | |
|
||
pojoUser.profileIds = this.kuzzle.config.security.restrictedProfileIds; | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${pojoUser._id}."`); | ||
return persistUser(this.kuzzle, request, pojoUser); | ||
} | ||
|
||
|
@@ -937,7 +958,10 @@ class SecurityController extends NativeController { | |
Object.assign(currentUserPojo, pojo)); | ||
}) | ||
.then(user => this.kuzzle.repositories.user.persist(user, options)) | ||
.then(updatedUser => formatProcessing.serializeUser(updatedUser)); | ||
.then(updatedUser => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${updatedUser._id}."`); | ||
return formatProcessing.serializeUser(updatedUser); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -986,6 +1010,7 @@ class SecurityController extends NativeController { | |
updatedUser, | ||
options); | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${createdUser._id}."`); | ||
scottinet marked this conversation as resolved.
|
||
return formatProcessing.serializeUser(createdUser); | ||
} | ||
|
||
|
@@ -1010,7 +1035,10 @@ class SecurityController extends NativeController { | |
.then(profile => this.kuzzle.repositories.profile.validateAndSaveProfile( | ||
_.extend(profile, request.input.body), | ||
options)) | ||
.then(updatedProfile => formatProcessing.serializeProfile(updatedProfile)); | ||
.then(updatedProfile => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${updatedProfile._id}."`); | ||
return formatProcessing.serializeProfile(updatedProfile); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -1035,7 +1063,10 @@ class SecurityController extends NativeController { | |
.then(role => this.kuzzle.repositories.role.validateAndSaveRole( | ||
_.extend(role, request.input.body), | ||
options)) | ||
.then(updatedRole => formatProcessing.serializeRole(updatedRole)); | ||
.then(updatedRole => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on role "${updatedRole._id}."`); | ||
return formatProcessing.serializeRole(updatedRole); | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -1075,6 +1106,7 @@ class SecurityController extends NativeController { | |
.then(() => response); | ||
} | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}".`); | ||
return response; | ||
}); | ||
} | ||
|
@@ -1179,6 +1211,7 @@ class SecurityController extends NativeController { | |
strategy, | ||
'create'); | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${id}."`); | ||
return createMethod(request, request.input.body, id, strategy); | ||
}); | ||
} | ||
|
@@ -1214,6 +1247,7 @@ class SecurityController extends NativeController { | |
strategy, | ||
'update'); | ||
|
||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${id}."`); | ||
return updateMethod(request, request.input.body, id, strategy); | ||
}); | ||
} | ||
|
@@ -1273,7 +1307,10 @@ class SecurityController extends NativeController { | |
'delete'); | ||
|
||
return deleteMethod(request, request.input.resource._id, request.input.args.strategy) | ||
.then(() => ({acknowledged: true})); | ||
.then(() => { | ||
this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${request.input.resource._id}."`); | ||
return {acknowledged: true}; | ||
}); | ||
} | ||
|
||
/** | ||
|
@@ -1468,6 +1505,16 @@ function mDelete (kuzzle, type, request) { | |
errorsManager.get('services', 'storage', 'incomplete_delete', errors)); | ||
} | ||
|
||
const userId = request.context && request.context.user && request.context.user._id | ||
Why don't use
Because this function is outside the class
Oh yes you're right! |
||
? request.context.user._id | ||
: null; | ||
|
||
if (ids.length > 1000) { | ||
kuzzle.log.info(`[SECURITY] User "${userId}" deleted the following ${type}s ${ids.slice(0, 1000).join(', ')}... (${ids.length - 1000} more users deleted)."`); | ||
} | ||
else { | ||
kuzzle.log.info(`[SECURITY] User "${userId}" deleted the following ${type}s ${ids.join(', ')}."`); | ||
} | ||
return ids; | ||
}); | ||
} | ||
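Review bot: Several of the added audit lines are written before the operation they describe has run, so a failed call still leaves an "applied action" entry: in the role and profile delete hunks (`@@ -574`, `@@ -684`) the log precedes `repositories.role.delete` / `repositories.profile.delete`, and in the user-creation and credentials hunks (`@@ -880`, `@@ -905`, `@@ -1179`, `@@ -1214`) it precedes `persistUser`, `createMethod` and `updateMethod`. For a security trail the entry should be emitted only on success, e.g. `return this.kuzzle.repositories.role.delete(role, options).then(result => { this.kuzzle.log.info(…); return result; });`, which is the ordering the user delete hunk (`@@ -854`) already has after its `await`. The role delete message also lacks the closing quote after `${request.input.action}`, and the `mDelete` message says "more users deleted" for every `type` and ends with a stray `"`, which makes the lines harder to parse consistently. The interpolated ids are taken from the request (`request.input.resource._id`, also assigned to `pojoUser._id`), so unless the logger already escapes control characters, which is not visible here, a line break in an id could split one entry into two; neutralising CR/LF before interpolation would close that. All enclosing methods start and end outside their hunks.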
|
janitor.loadSecurities seems to expect a User object, not an anonymous {user: <User>} object